Jump to content

Archived

This topic is now archived and is closed to further replies.

esm

shopping cart home page screwed up

Recommended Posts

Ed,

 

I believe the 'Reported Attack Page' warning tells you exactly what is wrong.

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) Seek out experienced help if you feel you can not perform any of the above steps. If you miss any of these steps your site may remain accessible to the hacker.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Your site was not upto date, and was hacked.

 

Besides what was proposed by chris, you might also want to check your access-log.txt to find out where did the attack came from...


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

How do you know that my site was not up-to-date?

 

Where do I find this access-log.txt file?

 

I tried a grep search but I have no idea what kind of string to enter into the search. How am I supposed to know what to search for?

Share this post


Link to post
Share on other sites

Ed,

 

The most common encryption code used by hackers is eval base64, try using that in the search, it is a good place to start.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

The log file is usually stored above your public access folder, together with the error log. Try with forcing to view hidden files in your ftp program.


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Sometimes, ftp programs like filezilla might have issues displaying hidden files.

 

Can you try ftp with TotalComander?


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

I found the access log file and there's nothing in that shows any unknown intruder.

 

Just access from the legit website www.bgfenterprisesllc.com

Share this post


Link to post
Share on other sites

Usually you can find some strange "POST" or "sh" lines in the access log... Will have to asume that the hacker obtained root access like you, and worried to edit the logs... Anyhow, did you find the infected code in your files? Did you follow the routine proposed before? Tell us what is your status.


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Ed,

 

Your site has already been reported as an attack site, you should follow the instructions above as the site is attacking potential customers when they type in your URL. This is ALWAYS bad for present and future business.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

×